公开(公告)号：US11809584B2

公开(公告)日：2023-11-07

申请号：US17457401

申请日：2021-12-02

Applicant: Apple Inc.

Inventor： Eric B. Tamura ,  Wade Benson ,  John Garvey

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/14 ,  G06F21/31

CPC classification number: G06F21/6218 ,  G06F21/31 ,  G06F21/602 ,  H04L9/14

Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.

公开(公告)号：US11385816B2

公开(公告)日：2022-07-12

申请号：US16879432

申请日：2020-05-20

Applicant: Apple Inc.

Inventor： Vivek Verma ,  Damien P. Sorresso ,  Pavel Sokolov ,  Pierre-Olivier J. Martel ,  Eric B. Tamura ,  Yoni Baron

IPC: G06F3/06

Abstract: Representative embodiments set forth herein disclose techniques for implementing improved links between paths of one or more file systems. According to some embodiments, techniques are disclosed for establishing a system volume and a data volume within a container. According to other embodiments, techniques are disclosed for establishing a link from a source path of a system volume within a container to a target path of a data volume within the container. According to yet other embodiments, techniques are disclosed for determining whether to allow a file system operation on a data volume of a container based on at least determining whether a target path is associated with a reference to a source path.

公开(公告)号：US20220092206A1

公开(公告)日：2022-03-24

申请号：US17457401

申请日：2021-12-02

Applicant: Apple Inc.

Inventor： Eric B. Tamura ,  Wade Benson ,  John Garvey

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/14 ,  G06F21/31

Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.

公开(公告)号：US20230153292A1

公开(公告)日：2023-05-18

申请号：US18094192

申请日：2023-01-06

Applicant: Apple Inc.

Inventor： Meha N. Desai ,  Eric B. Tamura

IPC: G06F16/23 ,  G06F16/22 ,  H04L9/08 ,  H04L9/06 ,  G06F16/2457

CPC classification number: G06F16/2365 ,  G06F16/2246 ,  H04L9/0825 ,  H04L9/0643 ,  G06F16/24573

Abstract: Techniques are disclosed for ensuring consistent metadata across computing devices. In one example, a user device of a plurality of user devices receives a manifest that includes first metadata associated with a file system update of a file system of the user device. The user device generates second metadata of the file system based on performing the file system update. The user device then generates a dictionary based on comparing metadata records of the first metadata with metadata records of the second metadata. The dictionary may indicate a difference between at least one metadata record of the first metadata and at least one metadata record of the second metadata. The user device then updates the second metadata of the file system to match the first metadata based at least in part on the difference indicated by the dictionary.

公开(公告)号：US10509701B2

公开(公告)日：2019-12-17

申请号：US15275144

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Eric B. Tamura ,  Dominic B. Giampaolo

IPC: G06F11/14 ,  G06F16/16 ,  G06F16/178

Abstract: The embodiments set forth a technique for carrying out a backup of data managed at a computing device. According to some embodiments, the technique can include the steps of (1) receiving a request to carry out the backup of the data, (2) in response to the request, generating a current snapshot of the data, (3) identifying, in accordance with the current snapshot of the data, block data of at least one data block to be reflected in the backup of the data, wherein the at least one data block is tagged with an identifier of a file node to which the at least one data block corresponds, and (4) providing information to a storage to cause the block data to be reflected in the backup of the data.

公开(公告)号：US10454679B2

公开(公告)日：2019-10-22

申请号：US15274706

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Eric B. Tamura ,  Dominic B. Giampaolo ,  Kelly B. Yancey

IPC: H04L9/16 ,  G06F21/60 ,  G06F21/62 ,  G06F16/16 ,  H04L9/08

Abstract: This application sets forth a key rolling technique for a file system of a computing device. The key rolling technique allows for files to be transparently re-encrypted in a background process while still allowing applications to access the files being re-encrypted. During re-encryption, at least one file extent of a file is decrypted using a current key for the file extent and re-encrypted using a new key for the file extent. Moreover, the file extent can be relocated to another location in memory during re-encryption to enhance accessibility and crash protection features. Metadata associated with the file can be updated to include information pertaining to both the location of the re-encrypted file extent as well as the new key that can be used to decrypt the re-encrypted file extent. In this manner, the metadata can be used to properly construct a complete file when the file needs to be accessed.

公开(公告)号：US10452859B2

公开(公告)日：2019-10-22

申请号：US15275289

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Eric B. Tamura ,  Wade Benson ,  John Garvey

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/14 ,  G06F21/31

Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.

公开(公告)号：US10423572B2

公开(公告)日：2019-09-24

申请号：US15275099

申请日：2016-09-23

Applicant: Apple Inc.

Inventor： Eric B. Tamura ,  Eric S. Brown

IPC: G06F16/11 ,  G06F16/16 ,  G06F8/656

Abstract: The described embodiments set forth techniques for performing live updates to file system volumes (e.g., operating system (OS) file system volumes) of computing devices through the utilization of snapshots. In particular, the techniques enable a computing device to remain active while a majority of an update process is performed, which eliminates the considerable functional downtime that is normally imposed when implementing conventional update techniques. Moreover, the overall robustness of the update process is enhanced as the techniques described herein reduce the amount of time that is required for the computing device to remain in the above-described specialized update mode.

公开(公告)号：US10032038B2

公开(公告)日：2018-07-24

申请号：US14700070

申请日：2015-04-29

Applicant: Apple Inc.

Inventor： Christopher J. Suter ,  Eric B. Tamura ,  George K. Colley ,  Mark S. Day

IPC: G06F21/62 ,  H04L9/14 ,  G06F21/60

Abstract: This application relates to a key rolling process for a file system of a computing device. The key rolling process allows for files to be transparently re-encrypted in a background process while still allowing applications to access files being re-encrypted. During re-encryption, a portion of the file is decrypted using a current key for the file and re-encrypted using a new key for the file. During re-encryption, the portion of the file can be relocated to another location in memory. Metadata associated with the file can be updated to include information pertaining to the location of the re-encrypted portion. The metadata can also be updated include information pertaining to how much of the file has been re-encrypted with the new key and how much of the file remains encrypted with the current key.